[Security] About the Firefox 3 Security Dialog & others
dmeyer at tzi.de
Sat Aug 23 04:04:48 CDT 2008
Jonathan Schleifer wrote:
> On 23.08.2008 at 00:20, Dirk Meyer wrote:
>>> Wouldn't that mean an attacker could choose the question and choose one
>>> to which he knows the answer because it's not so secret? If an
>>> attacker does that with both ends, he has won, because he selected
>>> the question. Correct me if I'm wrong.
>> No correction, you are right. The riddle is a stupid idea.
> So we should go for SAS, I think.
SAS does not work for me when I use bots. It also reduces it to one
way removing the option of X.509 certificates which is something I
> Having a 32-bit SAS encoded with Mnemonics (like already suggested
> here) really sounds like a great idea.
Why not encode a key fingerprint with Mnemonics? Looks like the same
to the user.
BREAKFAST.COM halted... cereal port not responding!
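
An added example, not part of the original message: the same mnemonic encoding applied to a 32-bit SAS and to a full key fingerprint, so the length each would ask the user to compare is visible. The syllable alphabet is constructed for this illustration, the fingerprint is assumed to be SHA-256 over the public key bytes, and the SAS is assumed to be the 32-bit output of whatever SAS exchange is in use.

```python
import hashlib

# Constructed alphabet (an assumption, not a published word list):
# 16 onsets x 4 vowels x 4 codas = 256 syllables, one per byte value.
ONSETS = "bdfghjklmnprstvz"
VOWELS = "aiou"
CODAS = "klnr"


def encode(data: bytes) -> str:
    """Map each byte to one pronounceable three-letter syllable."""
    return "-".join(
        ONSETS[b >> 4] + VOWELS[(b >> 2) & 3] + CODAS[b & 3] for b in data
    )


def decode(text: str) -> bytes:
    """Inverse of encode(); rejects anything that is not a valid syllable."""
    out = bytearray()
    for word in text.lower().split("-"):
        if len(word) != 3:
            raise ValueError(f"not a valid word: {word!r}")
        try:
            out.append(
                ONSETS.index(word[0]) << 4
                | VOWELS.index(word[1]) << 2
                | CODAS.index(word[2])
            )
        except ValueError:
            raise ValueError(f"not a valid word: {word!r}") from None
    return bytes(out)


def sas_words(sas_value: int) -> str:
    """Mnemonic form of a 32-bit SAS (4 syllables)."""
    return encode(sas_value.to_bytes(4, "big"))


def fingerprint_words(public_key: bytes) -> str:
    """Mnemonic form of a full SHA-256 key fingerprint (32 syllables)."""
    return encode(hashlib.sha256(public_key).digest())


if __name__ == "__main__":
    key = b"constructed sample public key bytes"  # constructed input
    print("SAS:        ", sas_words(0xDEADBEEF))
    print("Fingerprint:", fingerprint_words(key))
```

With this encoding a 32-bit SAS is 4 syllables, while an untruncated SHA-256 fingerprint is 32.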